Primary Menu

Books for the Wannabe Geek

The StingRay knows where you are

The StingRay is a technology which is a cell site simulator for mobile phones to connect to. The hand held version is called KingFish. It has been used covertly by law enforcement agencies in the US. Also possibly in the UK both secretly and also legally with a warrant. It is a device that the FBI and others would use to find out exactly where you are. The use of the devices was discovered and made public by Daniel Rigmaiden. As law-abiding citizens our first thought is going to be what a marvellous device this is. It can be used to find criminals such as terrorists, murderers or rapists and how can that be a bad thing? A problem with such devices that it can also be used improperly such as to conduct a denial of service attacks and for encryption key extraction. The device can also be used to intercept communications content and so can be used as a man in the middle attack on your data. Protect your data with GPG Encryption. The problem with such a device is that while it is being used, it is indiscriminate on what it can see. The StingRay IMSI-catcher pretends to be mobile tower and forces all nearby mobile phones and data devices to connect to it. The important part of that is all nearby mobile devices will have to connect to it. The FBI have stated that they purge all of this extra data whenever they have finished the investigation. You will have to question how long the investigation is going on for and if it is ever going to be closed. You might also wonder if you can trust them to do what they say they are going to do. Then there are the other more secret organisations who don’t tell you they are using the devices and plan to do whatever they like with the information they collect.

If the StingRay technology is there

So what happens when this technology becomes more widely available? These devices can be put onto aeroplanes of various types, including drones, will at some point in time be copied and improved upon. The question to ask is, who is doing the copying and what are their intentions. These devices or similar could end up in the hands of people with criminal intent. There is also the case the devices could be used by legitimate entities and the information is lost, leaked or stolen. This leads me to think that the idea Phil Zimmermann has to make phones where voice traffic is encrypted could be a good idea. People using these StingRay devices are also able to do the man in the middle type of attack to look at our emails. We should not be making it easy for the hackers by not encrypting our emails.

The StingRay used secretly by law enforcement

These devices have been used by laws enforcement in secret. It was so secret that if a defendant in a law case mentioned the StingRay device on the way to court, it was very likely the case would be dropped. That way the StingRay cell site simulator would not become public knowledge. I’m sure it is probably true to say that the law enforcement had the best interests of society at large when using the StingRay. Covert use of the device would make it more effective. It’s just that we are a little bit wary of what the government and its agencies will do on our behalf. We don’t really want it to become like George Orwell’s 1984 Big Brother society. It may come down to having to take the batteries out of our smart phones or not using one if we don’t want to be tracked. Mind you, I might wonder what you are up to if you have the need to go off radar. In any case, today should be the first day you start to encrypt your emails. Using encryption gives you the choice whether to reveal information to law enforcement if they should ask.

Download PDF Book - SMIME SETUP

Using S/Mime certificates is easy when you have it set up. Learn how to get the Certificate on to your Mac and iOS Devices.

FREE Step by Step Guide to Getting a S/Mime email certificate from StartSSL.com​

There are a lot of steps to set up a cert. You have to use the Terminal and put the private key and the certificate in the right places to get the file you need to put the certificate on your iOS devices.